California recently enacted SB 568 (Business & Professions Code 22580) to prevent certain types of online advertising from being shown to kids. Like so many other state efforts to regulate the Internet, the new law takes an understandable regulatory objective and turns it into a sloppily drafted and misguided law that will not survive judicial challenge intact.

What the Law Does

Spray paint cans (Photo credit: Wikipedia)

The new law says websites/apps directed to minors may not advertise items that minors (under 18) cannot legally purchase. Restricted items include the usual suspects (alcohol, guns, tobacco products and lottery tickets) and less obvious items, such as diet pills containing ephedrine, spray paint and etching cream. All other websites/apps must take “reasonable actions in good faith” to avoid specifically directing ads for restricted items to known minors. Kid-directed websites/apps can shift the compliance burden to their advertising services simply by notifying the service they are kid-directed. The law also prohibits using, disclosing or compiling a minor’s personal information to help advertise restricted items to minors.

First, the law protects minors’ “personal information” but doesn’t define the term. Without a definition, the term is meaningless. We know that just about any data can be combined with other data to personally identify individuals.

Second, the law doesn’t define who is an “advertising service.” Surely it covers ad networks like Google AdSense, but do the obligations extend to other players in the online ad industry: ad serving technology providers, ad agencies, buyers of remnant ad inventory, etc.?

Third, the law restricts “specifically directing” an ad to a minor, but I have no idea what that means. The law suggests that “run of site” ads should be OK, but I’m not sure when other targeting efforts trigger the restriction.

Finally, like its online eraser counterpart, the law establishes a potentially illusory distinction between teen-oriented websites and adult websites.

Legal Problems With the Law

Some of the more obvious legal deficiencies of the law:

The Dormant Commerce Clause. As I mentioned in my prior post, I think state attempts to regulate Internet activity categorically violate the Dormant Commerce Clause, the Constitutional doctrine that says only Congress can regulate interstate commerce. For example, does a website/app with no physical connection to California have to comply with t6is law simply because a California minor uses it? If yes, that's a problem under the Dormant Commerce Clause.

The Dormant Commerce Clause problem is even more pronounced for advertising services located outside California. Assume a Florida-based website tells a Massachusetts advertising service to block ads for restricted items because it’s a kid-directed site and might have California minors using it. At that point, the restriction would impact all non-California users of the Florida-based website--even if some items may be legal for minor users to purchase outside California. Thus, the California law regulates communications between two non-California parties, which California cannot do constitutionally.

The First Amendment. This law tries to suppress speech on the basis of its content and possibly the identity of its speaker (i.e., kid-oriented websites). Under the Supreme Court’s recent Sorrell decision, the law might be subject to the highest level of scrutiny, which would almost certainly ensure its unconstitutionality. If the Sorrell precedent doesn’t apply, the law will be subject to the lower, but still rigorous, scrutiny applicable to advertising. This analysis is unpredictable; courts usually support legislative efforts to protect the kids, but (as discussed below) courts also have good reason to question this law's efficacy. (For a possibly analogous discussion, see this recent Fourth Circuit ruling striking down a Virginia law restricting college newspapers from running alcohol ads).

47 USC 230 Even if the law survives the Constitutional challenges, much of it is preempted by 47 USC 230, the 1996 federal law that says websites and apps aren’t liable for third party content or advertising. The law explicitly hold websites and apps responsible for third party ads--exactly what Section 230 prohibits. Other state laws attempting to hold online publishers responsible for third parties’ online ads have failed due to Section 230. See, e.g., the Backpage cases and the battle over online prostitution ads. From my perspective, Section 230 preemption for the law's application to third party ads isn’t even a close legal question.

Implications

Protecting kids online remains a perennial regulator rallying cry, but does this law actually help minors? Any website or app that cares about its public reputation voluntarily wouldn't target ads to kids for restricted items. How many examples of bad publisher/advertiser behavior have we seen that this law would correct? If the answer is “not many,” we have some reason to question the cost-benefit of the law.

Furthermore, even if the prohibited advertising reaches the minors, that doesn’t change the fact that the minors still can’t buy the advertised items legally. I recognize that retailers aren’t always careful about age verification and black markets exist, but suppressing the ads is just a prophylactic to support the existing sales bans. It’s not clear if the benefits of the prophylactic step outweighs the costs of suppression.

It’s not surprising this law both has questionable merit and is undermined by weak drafting. Simply put, over the past 15+ years, state legislatures have proven that they suck at regulating the Internet. Worse, state legislatures don’t learn from their mistakes. They systematically make avoidable drafting errors, ignore Section 230 and Constitutional considerations, and pass high-cost/low-benefit Internet regulations.

Knowing that state legislatures can’t avoid this trap, Congress needs to cut them off. Section 230 already should squelch many of the bad regulatory impulses of state legislators, but it’s clearly not enough (as evidenced by this law, which unreservedly disregards Congress’ plain instructions). Just like Congress once imposed a moratorium on state taxation of the Internet, Congress should enact a broad moratorium on new state efforts to regulate the Internet. Basically, until states learn how to treat their Internet regulatory power with more respect, Congress should give them a regulatory time-out.

Congress’ intervention is especially important because leading Internet companies like Google and Facebook won’t always defend the Internet from overzealous state legislators. Here, Google and Facebook let the California legislature enact a lousy law with an impossible-to-miss Section 230 problem. Why didn’t Google and Facebook fix or kill the law? I imagine it’s because Google and Facebook plan to comply with it. After all, compliance won’t cost them too much while their rivals might not be so fortunate. It’s a reminder that Internet incumbents won’t necessarily look out for us when our legislators go rogue. That makes it even more paramount that we as Internet users communicate our legislative priorities during election season.